From dc88b86a223ba7d70073f5306601075e8c03828e Mon Sep 17 00:00:00 2001 From: rea Date: Tue, 23 Dec 2014 21:22:35 +0000 Subject: Document CVE-2014-9116 in mutt --- security/vuxml/vuln.xml | 41 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) (limited to 'security') diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index eb4abd9e7193..e0c5be3c0698 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -57,6 +57,47 @@ Notes: --> + + mutt -- denial of service via crafted mail message + + + mutt + 1.5.221.5.23_7 + + + ja-mutt + 1.5.221.5.23_7 + + + zh-mutt + 1.5.221.5.23_7 + + + + +

NVD reports:

+
The write_one_header function in mutt 1.5.23 does not + properly handle newline characters at the beginning of a + header, which allows remote attackers to cause a denial of + service (crash) via a header with an empty body, which + triggers a heap-based buffer overflow in the mutt_substrdup + function.
+

+ + + + 71334 + CVE-2014-9116 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771125 + http://dev.mutt.org/trac/ticket/3716 + + + 2014-11-26 + 2014-12-23 + + + ntp -- multiple vulnerabilities -- cgit